Hi All,
I created a key auth plugin with two consumers and two auth keys. I can access the API with these two keys without any issue. Then I created two ACL plugins as belows.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: acl-wl-test-sp
config:
whitelist:
- test-sp
hide_groups_header: true
plugin: acl
" | oc apply -f -
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: acl-bl-test-sp
config:
blacklist:
- test-sp
hide_groups_header: true
plugin: acl
" | oc apply -f -
When I add this acl-wl-test-sp plugin to my API service, I cannot access API with any of the keys from test-sp or test-sp2.
HTTP code : 403Forbidden
{
"message": "You cannot consume this service"
}
When I remove the above and add acl-bl-test-sp plugin to my API service, I can access the API with any of the keys of test-sp and test-sp2. This is the not the expected behavior of this plugin.
oc patch service proxy-from-k8s-to-ext -p '{"metadata":{"annotations":{"konghq.com/plugins":"acl-wl-test-sp"}}}'
oc patch service proxy-from-k8s-to-ext -p '{"metadata":{"annotations":{"konghq.com/plugins":"acl-bl-test-sp"}}}'
Appreciate your input.
Thanks!